CVE-2018-8553 : A remote code execution vulnerability exists in the way that Microsoft Graphics

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10.

Published 2018-11-14 01:29:01

Updated 2020-08-24 17:37:01

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2018-8553

Microsoft » Windows Server 2008 » Version: N/A Update SP2
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2008 » Version: N/A Update SP2 For Itanium
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:itanium:*
Matching versions
Microsoft » Windows Server 2008 » Version: R2 Update SP1 For X64
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 7 » Version: N/A Update SP1
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Rt 8.1 » Version: N/A
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: N/A
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 » Version: 1607
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-8553

EPSS FAQ

19.37%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-8553

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2018-8553

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8553

CVE-2018-8553 | Microsoft Graphics Components Remote Code Execution Vulnerability
Patch;Vendor Advisory
http://www.securitytracker.com/id/1042113

Microsoft Graphics Components File Processing Flaw Lets Remote Users Execute Arbitrary Code - SecurityTracker
Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/105777

Microsoft Windows Graphics Component CVE-2018-8553 Remote Code Execution Vulnerability
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2018-8553

Products affected by CVE-2018-8553

Exploit prediction scoring system (EPSS) score for CVE-2018-8553

CVSS scores for CVE-2018-8553

References for CVE-2018-8553